Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86f61b6c by security tracker role at 2023-11-20T20:12:18+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,116 @@ +CVE-2023-6197 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-6196 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2023-6045 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2023-5799 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have prope ...) + TODO: check +CVE-2023-5652 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...) + TODO: check +CVE-2023-5651 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...) + TODO: check +CVE-2023-5640 (The Article Analytics WordPress plugin does not properly sanitise and ...) + TODO: check +CVE-2023-5610 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not va ...) + TODO: check +CVE-2023-5609 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sa ...) + TODO: check +CVE-2023-5593 (The out-of-bounds write vulnerability in the Windows-based SecuExtende ...) + TODO: check +CVE-2023-5509 (The myStickymenu WordPress plugin before 2.6.5 does not adequately aut ...) + TODO: check +CVE-2023-5343 (The Popup box WordPress plugin before 3.7.9 does not sanitise and esca ...) + TODO: check +CVE-2023-5340 (The Five Star Restaurant Menu and Food Ordering WordPress plugin befor ...) + TODO: check +CVE-2023-5140 (The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and ...) + TODO: check +CVE-2023-5119 (The Forminator WordPress plugin before 1.27.0 does not properly saniti ...) + TODO: check +CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escap ...) + TODO: check +CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in place ...) + TODO: check +CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and ...) 
+ TODO: check +CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not validate and ...) + TODO: check +CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...) + TODO: check +CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the loading of ...) + TODO: check +CVE-2023-48293 (The XWiki Admin Tools Application provides tools to help the administr ...) + TODO: check +CVE-2023-48292 (The XWiki Admin Tools Application provides tools to help the administr ...) + TODO: check +CVE-2023-48241 (XWiki Platform is a generic wiki platform. Starting in version 6.3-mil ...) + TODO: check +CVE-2023-48240 (XWiki Platform is a generic wiki platform. The rendered diff in XWiki ...) + TODO: check +CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to v ...) + TODO: check +CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) functionality sur ...) + TODO: check +CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints from rev ...) + TODO: check +CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...) + TODO: check +CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...) + TODO: check +CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...) + TODO: check +CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...) + TODO: check +CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...) + TODO: check +CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component /shells/embe ...) + TODO: check +CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...) 
+ TODO: check +CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a ...) + TODO: check +CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local attacker causes ...) + TODO: check +CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get se ...) + TODO: check +CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...) + TODO: check +CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...) + TODO: check +CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site request ...) + TODO: check +CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in the Commun ...) + TODO: check +CVE-2023-38883 (A reflected cross-site scripting (XSS) vulnerability in the Community ...) + TODO: check +CVE-2023-38882 (A reflected cross-site scripting (XSS) vulnerability in the Community ...) + TODO: check +CVE-2023-38881 (A reflected cross-site scripting (XSS) vulnerability in the Community ...) + TODO: check +CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic has a bro ...) + TODO: check +CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic allows re ...) + TODO: check +CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC ...) + TODO: check +CVE-2023-36013 (PowerShell Information Disclosure Vulnerability) + TODO: check +CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to ope ...) + TODO: check +CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not require authen ...) + TODO: check CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...) 
NOT-FOR-US: LuxCal Web Calendar CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...) NOT-FOR-US: LuxCal Web Calendar CVE-2023-3379 (Wago web-based management of multiple products has a vulnerability whi ...) NOT-FOR-US: Wago -CVE-2023-46302 +CVE-2023-46302 (Apache Software Foundation Apache Submarine has a bug when serializing ...) NOT-FOR-US: Apache Submarine CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...) NOT-FOR-US: WordPress plugin @@ -62660,8 +62766,7 @@ CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected NOT-FOR-US: Chained Quiz plugin for WordPress CVE-2022-41985 (An authentication bypass vulnerability exists in the Authentication fu ...) NOT-FOR-US: uC-FTPs -CVE-2022-46337 - RESERVED +CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication checks. I ...) - derby <unfixed> NOTE: https://issues.apache.org/jira/browse/DERBY-7147 NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3 @@ -189760,8 +189865,8 @@ CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to intege NOT-FOR-US: ARM CMSIS RTOS2 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused ha ...) NOT-FOR-US: General Electric Universal Relays -CVE-2021-27429 - RESERVED +CVE-2021-27429 (Texas Instruments TI-RTOS returns a valid pointer to a small buffer on ...) + TODO: check CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports upgrading f ...) NOT-FOR-US: General Electric Universal Relays CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its ...) 
@@ -201494,8 +201599,8 @@ CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an ou NOT-FOR-US: Fatek FvDesigner CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...) NOT-FOR-US: Fuji Electric -CVE-2021-22636 - RESERVED +CVE-2021-22636 (Texas Instruments TI-RTOS, when configured to use HeapMem heap(default ...) + TODO: check CVE-2021-22635 RESERVED CVE-2021-22634
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86f61b6c4d958f1410ff6000eab6ea4f5d9309ee
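Review bot: In the first hunk (@@ -1,10 +1,116 @@) every added entry is left at TODO: check, although many are described as WordPress plugins or themes (for example CVE-2023-6197, CVE-2023-5799 and CVE-2023-4824), a class that the same hunk's context already resolves as NOT-FOR-US: WordPress plugin on CVE-2023-47685. Those are likely candidates for the same resolution in a follow-up commit; the remaining entries (OpenHarmony, Tenda, GPAC, XWiki, NextAuth.js and others) each need an individual check before they receive a package line or a NOT-FOR-US marker.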
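Review bot: In the @@ -62660,8 +62766,7 @@ hunk, CVE-2022-46337 now has a published description of an LDAP authentication bypass, but its package line is still - derby <unfixed> with no fixed version or per-release annotation. Once the upstream fix tracked in the DERBY-7147 NOTE is identified, record the fixing version or the release status so the entry does not remain open-ended.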
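Review bot: CVE-2021-22636 in the last hunk (@@ -201494,8 +201599,8 @@) is left at TODO: check while its neighbours for vendor firmware and tools are resolved as NOT-FOR-US (Fatek FvDesigner, Fuji Electric). The same holds for CVE-2021-27429 in the @@ -189760,8 +189865,8 @@ hunk, which sits between NOT-FOR-US: ARM CMSIS RTOS2 and NOT-FOR-US: General Electric Universal Relays. Both describe Texas Instruments TI-RTOS, so they should be triaged together and given the same resolution.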